It has become commonplace to employ any of a variety of security protocols and attestation schemes to enable each of two devices to evaluate the trustworthiness of the other, and to then form and maintain a secure “pipeline” or “channel” of communications between them to securely exchange data, even through a publicly accessible network (e.g., the Internet). Such approaches are frequently used in financial transactions, online purchases, streaming audio/visual programs, etc.
A chief concern that such approaches seek to address is preventing the so-called "man in the middle" scenario, in which another device captures and/or injects commands and/or data into such communications, or is even inserted into the path of such communications so as to selectively relay and/or alter them. Stated differently, a primary goal of such approaches is to form a chain of trust directly between the two devices seeking to engage in secure communications, and thereby to form the secure pipeline or channel between them.
Unfortunately, the successful formation of such a chain of trust enabling secure communications between two devices does nothing to address security vulnerabilities within one or the other of the two devices themselves. In a complex device, there may be a particular application routine with which the secure communications are meant to take place, but there may be numerous ways in which another routine may be interposed between that application routine and the interface by which the device engages in secure communications with the other device, so that the secure channel terminates short of the application it is meant to protect. There is also the possibility that the application with which secure communications are meant to take place is not actually executed on either of the two devices engaged in the secure communications, but is instead executed on a third device that communicates with one of the two devices through communications that are not secured.